네이버로 위장한 피싱 공격
2024-05-28 • Hauri • Malware analysis report •
https://hauri.co.kr/security/security_view.html?intSeq=62&page=1&keyfield=&key=
Attachments
Hauri reports a phishing campaign impersonating Naver login pages to steal credentials from Korean users through email distribution. The phishing site checked submitted credentials against naver.com to verify whether the victim had entered valid account information. When login succeeded, the site also requested a password change, a deception step intended to reduce suspicion that the page was fraudulent. The source says Kimsuky is suspected behind the activity and notes the group has previously impersonated Korean platforms such as Kakao and Naver.